[18008] in bugtraq

Re: CHINANSL Security Advisory(CSA-200011)

daemon@ATHENA.MIT.EDU (Zeev Suraski)
Mon Dec 11 14:25:03 2000

Mime-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"; format=flowed
Message-Id:  <5.0.2.1.2.20001210223611.04ef2960@mail.zend.com>
Date:         Sun, 10 Dec 2000 22:40:59 +0200
Reply-To: zeev@zend.com
From: Zeev Suraski <zeev@ZEND.COM>
X-To:         webmaster@CHINANSL.COM
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To:  <20001206074700.5259.qmail@securityfocus.com>
Content-Transfer-Encoding: 8bit

Various people on the PHP QA and development team were unable to reproduce 
this behavior under various versions of Apache and PHP, including the ones 
mentioned in this advisory (the advisory doesn't mention which exact 
version of PHP 3.0 it's using, though).

Note that at any rate, the setup that's described in this advisory (Apache 
under Windows, using PHP 3.0 as a CGI) is extremely uncommon, especially in 
production environments.

Zeev

At 09:47 6/12/2000, china nsl wrote:

>CHINANSL Security Advisory(CSA-200011)
>
>Topic: PHP AND APACHE Vulnerability
>
>Release Date: Dec 6, 2000
>
>Affected system:
>============
>
>APACHE WEB SERVER 1.3
>    - Microsoft Windows NT 4.0
>    - Microsoft Windows 2000
>Impact:


--
Zeev Suraski <zeev@zend.com>
CTO, Zend Technologies Ltd. http://www.zend.com/
